
Describe XSS vulnerabilities.

Stored XSS (Type-I XSS):

  • What is it? The injected script is permanently stored on the target server (e.g., in a database or message forum).
  • How it works? The victim receives the malicious script when requesting the stored information.
  • Alias: Persistent XSS.

Reflected XSS (Type-II XSS):

  • What is it? The injected script is reflected off the web server (e.g., in an error message or search result).
  • How it works? The victim receives the attack via another route (e.g., email, another website).
  • Execution: The browser executes the code because it appears to come from a trusted server.
  • Alias: Non-Persistent XSS.

Server-side vs. DOM-based vulnerabilities:

  • Server-side (Traditional):
    • How it works? All data processing happens on the server: user input is sent to the server, and the resulting web page is sent back.
  • Evolution: Client-side processing became popular for a better user experience.
  • Result: Gave rise to DOM-based XSS attacks.
  • DOM-based XSS:
    • How it works? JavaScript code on the client side processes user input and reflects the attack.
    • Notable: Malicious data doesn't touch the server; it is reflected by JavaScript on the client side.
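
The stored and reflected cases above differ only in where the untrusted text comes from; in both, the fix is to encode it at the point where it is written into HTML. The sketch below is an added example, not code from the original page, and every name in it (escapeHtml, saveComment, the render functions, the in-memory comments array) is a hypothetical stand-in.

```javascript
// Added example: weak vs. hardened rendering for stored and reflected XSS.
// All function names and the sample data are hypothetical/constructed.

// Encode the characters that let text break out of HTML element content
// or a quoted attribute value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Stored XSS: this array stands in for the database or message forum.
const comments = [];
function saveComment(author, body) {
  comments.push({ author, body }); // kept as submitted; encoding happens on output
}

// Weak: stored text is concatenated into markup as-is, so every visitor
// who requests the page receives whatever markup was stored.
function renderCommentsUnsafe() {
  return comments.map((c) => `<li><b>${c.author}</b>: ${c.body}</li>`).join("");
}

// Hardened: every stored field is encoded when it is written into HTML.
function renderCommentsSafe() {
  return comments
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`)
    .join("");
}

// Reflected XSS: the search term from the request is echoed in the response.
function renderSearchUnsafe(query) {
  return `<p>No results for ${query}</p>`;
}
function renderSearchSafe(query) {
  return `<p>No results for ${escapeHtml(query)}</p>`;
}

// Constructed sample input: a harmless probe string and an ordinary comment.
const sample = "<script>alert(1)</script>";
saveComment("mallory", sample);
saveComment("alice", "Tom & Jerry <3");

console.log("stored, weak:     ", renderCommentsUnsafe());
console.log("stored, hardened: ", renderCommentsSafe());
console.log("reflected, weak:    ", renderSearchUnsafe(sample));
console.log("reflected, hardened:", renderSearchSafe(sample));
```

The hardened output shows the markup as visible text instead of handing it to the browser as code, and legitimate characters such as `&` and `<` in ordinary comments still display correctly.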
